Adobe Systems’ Flash Player software is vulnerable (again). Ransomware is exploiting it. So patch now—or just uninstall it already!

Flash Player gets another emergency patch—this time, Adobe Systems is warning of a ransomware attack, exploiting a bug in the beleaguered software. So should you install the patch, or just uninstall Flash Player? What do you think…

The ransomware, known as Cerber, has an unusual schtick: it talks to you. “Attention,” it slurs. “Your documents, photos, databases, and other important files have been encrypted.”

In IT Blogwatch, bloggers test their backups and uninstall Flash. Your humble blogwatcher curated these bloggy bits for your entertainment.

Researchers discovered a security flaw...being exploited to deliver ransomware...in "drive-by" attacks that infect computers...when tainted websites are visited. ... Trend Micro Inc...warned Adobe that it had seen attackers exploiting the flaw [with] 'Cerber'. … Ransomware schemes have boomed in recent months. ... FireEye said that the bug was being leveraged [by] the Magnitude...automated tool sold on underground forums.

Another day, another Adobe Flash vulnerability. ... Proofpoint first identified the severe vulnerability...now known as CVE-2016-1019. … The exploit was calling an...undocumented API in Flash. ... Primarily spreading Cerber ransomware [and] Locky ransomware. [Proofpoint] is pretty certain it is the same group [that was] spreading Cryptowall and Teslacrypt malware over the last few months. … If you can, uninstall Flash [Player] and use Flash in a contained environment like...Chrome’s sandbox.

No other Crypto-ransomware...has a ‘voice’ capability to...move users into action. ... This innovative technique is reminiscent...of REVETON [which] can also ‘speak’. … Some reports mentioned that CERBER is being peddled...as ransomware-as-service (RaaS). ... We will be seeing more of CERBER in the near future. … [Do not] succumb and pay the ransom. ... Cybercriminals may potentially target the same users.

Stop us if you’ve heard this one before… dozens of times. ... This isn’t some tiny bug...handled privately with Adobe. … All desktop versions of Adobe Flash player are affected. ... You can use the update mechanism...or you’ll find...alternative options here.

You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.